[ovs-dev] [PATCH] tests: Refactor the iptables accept rule.

William Tu u9012063 at gmail.com
Thu Jul 23 16:35:43 UTC 2020 

Certain Linux distributions, like CentOS, have default iptable
rules to reject input traffic from br-underlay.  Refactor by
creating a macro 'IPTABLES_ACCEPT([bridge])' for adding the
accept rule to the iptable input chain.

Signed-off-by: William Tu <u9012063 at gmail.com>
---
 tests/ovs-macros.at     |  7 +++++++
 tests/system-traffic.at | 12 ++----------
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/tests/ovs-macros.at b/tests/ovs-macros.at
index fee50901543e..b1f666f4e83f 100644
--- a/tests/ovs-macros.at
+++ b/tests/ovs-macros.at
@@ -333,3 +333,10 @@ m4_ifndef([AT_FAIL_IF],
   [m4_define([AT_FAIL_IF],
     [AT_CHECK([($1) \
     && exit 99 || exit 0], [0], [ignore], [ignore])])])
+
+dnl Certain Linux distributions, like CentOS, have default iptable rules
+dnl to reject input traffic from bridges such as br-underlay.
+dnl Add a rule to always accept the traffic.
+m4_define([IPTABLES_ACCEPT],
+  [AT_CHECK([iptables -I INPUT 1 -i $1 -j ACCEPT])
+   on_exit 'iptables -D INPUT 1 -i $1'])
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 2a0fbadff4a1..02f0e2716320 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -688,11 +688,7 @@ AT_CHECK([ip link set dev br-underlay up])
 dnl Set up tunnel endpoints on OVS outside the namespace.
 ADD_OVS_TUNNEL([gre], [br0], [at_gre0], [172.31.1.1], [10.1.1.100/24])
 
-dnl Certain Linux distributions, like CentOS, have default iptable rules
-dnl to reject input traffic from br-underlay. Here we add a rule to walk
-dnl around it.
-iptables -I INPUT 1 -i br-underlay -j ACCEPT
-on_exit 'iptables -D INPUT 1'
+IPTABLES_ACCEPT([br-underlay])
 
 ip netns exec at_ns0 tcpdump -n -i p0 dst host 172.31.1.1 -l > p0.pcap &
 sleep 1
@@ -739,11 +735,7 @@ dnl Set up tunnel endpoints on OVS outside the namespace and emulate a native
 dnl linux device inside the namespace.
 ADD_OVS_TUNNEL([erspan], [br0], [at_erspan0], [172.31.1.1], [10.1.1.100/24], [options:key=1 options:erspan_ver=1 options:erspan_idx=7])
 
-dnl Certain Linux distributions, like CentOS, have default iptable rules
-dnl to reject input traffic from br-underlay. Here we add a rule to walk
-dnl around it.
-iptables -I INPUT 1 -i br-underlay -j ACCEPT
-on_exit 'iptables -D INPUT 1'
+IPTABLES_ACCEPT([br-underlay])
 
 ip netns exec at_ns0 tcpdump -n -x -i p0 dst host 172.31.1.1 -l > p0.pcap &
 sleep 1
-- 
2.7.4

More information about the dev mailing list